No, rsyslog currently only does basic certificate verification using GnuTLS' gnutls_certificate_verify_peers2 function. In other words it is checked that the presented certificate is valid and matches up to your specified CA trust anchor.
No OIDs (purpose) will be checked. If you are currently using OIDs to limit hosts/apply some kind of ACLs please have a look at rsyslog's peer list feature which allows you to specify hostnames and/or fingerprints to control which hosts are allowed to send logs. See $ActionSendStreamDriverPermittedPeer or StreamDriverPermittedPeers parameter when using nsd (omfwd) or tls.permittedPeer parameter when using imrelp.

-Thomas

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
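
The peer list parameters named in the reply above, shown as an added configuration sketch that is not part of the original post. File paths, hostnames, the port and the fingerprint value are assumed placeholders; the first action shows chain-only validation for contrast with the peer-restricted forms.

```rsyslog
# Added example (not from the original post). Paths, hostnames, port and
# fingerprint are placeholders chosen for illustration.

# Trust anchor and local credentials used by the gtls netstream driver.
global(
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/client-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/client-key.pem"
)

# Chain validation only: any certificate issued under the CA is accepted,
# whatever its purpose OIDs or subject name say.
# action(type="omfwd" target="logs.example.net" port="6514" protocol="tcp"
#        StreamDriver="gtls" StreamDriverMode="1"
#        StreamDriverAuthMode="x509/certvalid")

# Chain validation plus peer list: the remote certificate must also carry
# one of the listed names.
action(type="omfwd" target="logs.example.net" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="logs.example.net")

# Receiving side with imrelp: only senders whose certificate matches an
# entry in tls.permittedPeer may deliver logs.
module(load="imrelp")
input(type="imrelp" port="2514" tls="on"
      tls.caCert="/etc/rsyslog.d/tls/ca.pem"
      tls.myCert="/etc/rsyslog.d/tls/server-cert.pem"
      tls.myPrivKey="/etc/rsyslog.d/tls/server-key.pem"
      tls.authMode="fingerprint"
      # Placeholder: replace with the sender certificate's fingerprint.
      tls.permittedPeer=["SHA1:<placeholder-fingerprint-of-sender-cert>"])
```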

